
Nice Etienne, I put you on the agenda to talk a bit about it! ;-)

Take care,
Morris

------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: m.riedel@fz-juelich.de
Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656
Skype: MorrisRiedel

"We work to better ourselves, and the rest of humanity"

Registered office: Jülich
Registered in the commercial register of the Düren District Court, No. HR B 3498
Chair of the Supervisory Board: MinDirig'in Bärbel Brumme-Bothe
Board of Directors: Prof. Dr. Achim Bachem (Chairman), Dr. Ulrich Krafft (Deputy Chairman)

> -----Original Message-----
> From: pgi-wg-bounces@ogf.org [mailto:pgi-wg-bounces@ogf.org] On Behalf Of Etienne URBAH
> Sent: Friday, April 03, 2009 3:38 PM
> To: pgi-wg@ogf.org
> Cc: edges-na3@mail.edges-grid.eu; lodygens@lal.in2p3.fr
> Subject: [Pgi-wg] OGF PGI - Security - Interoperability in progress between EGEE and OSG (using COPS)
>
> To All,
>
>
> My previous today's mail shows that the security work of PGI is now stuck into
> irreconcilable incompatibility between :
> - RFC-3820-compliant X509 certificates and proxies on one part,
> - GSI-style X509 proxies (which can be delegated) on the other part.
>
>
> But there is some hope : At the last MWSG meeting in Zürich, David
> GROEP has performed a presentation 'AuthZ Interop report' available at
> http://indico.cern.ch/materialDisplay.py?contribId=22&sessionId=3&materialId=slides&confId=52862
>
> This presentation describes current work in good progress begun in 2007
> on security interoperability between OSG and EGEE, with the help of
> Globus and Condor teams.
>
> This work uses the Common Open Policy Service (COPS) model defined in
> RFC 2748 at http://tools.ietf.org/html/rfc2748
>
> COPS defines at least the following 2 concepts :
> - PDP = Policy Decision Point
> - PEP = Policy Enforcement Point
>
> Interoperability is achieved through an AuthZ Interop Profile, based on
> the SAML v2 profile of XACML v2.
>
> There are production deployments in OSG and EGEE.
>
>
> So I suggest that, before reinventing the wheel, we study in detail the
> above mentioned document, in order to quickly know :
> - The problems which they are encountering,
> - The solutions which they are finding,
> - The interoperable components which they are deploying and which we
> could reuse,
> - ...
>
>
> Best regards.
>
> ----------------------------------
> Etienne URBAH IN2P3 - LAL
> Bat 200 91898 ORSAY France
> Tel: +33 1 64 46 84 87
> Mob: +33 6 22 30 53 27
> Skype: etienne.urbah
> mailto:urbah@lal.in2p3.fr
> ----------------------------------